RSA is the most popular public key algorithm currently in use, despite the fact that it was encumbered by patent restrictions until the patent expired in September of 2000. It is named after its creators, Ron Rivest, Adi Shamir, and Leonard Adleman. One of the reasons that it is so popular is because it provides secrecy, authentication, and encryption all in one neat little package.

Unlike Diffie-Hellman and DSA, the RSA algorithm does not require parameters to be generated before keys can be generated, which simplifies the amount of work that is necessary to generate keys, and authenticate and encrypt communications. The command-line tool provides three commands for generating, examining, manipulating, and using RSA keys.

OpenSSL's genrsa command is used to generate a new RSA private key. Generation of an RSA private key involves finding two large prime numbers, each approximately half the length of the key. A typical key size for RSA is 1,024 bits. We don't recommend that you use smaller key lengths or key lengths greater than 2,048 bits. By default, the generated private key will be unencrypted, but the command does have the ability to encrypt the resultant key using DES, 3DES, or IDEA.

The rsa command is used to manipulate and examine RSA keys and is the RSA version of the dsa command for DSA keys. It is capable of adding, modifying, and removing the encryption protecting an RSA private key. It is also capable of producing an RSA public key from a private key. The command can also be used to display information about a public or private key.

The rsautl command provides the ability to use an RSA key pair for encryption and signatures. Options are provided for encrypting and decrypting data, as well as for signing and verifying signatures. Remember that signing is normally performed on hashes, so this command is not useful for signing large amounts of data, or even more than 160 bits of data. In general, we do not recommend that you use this command at all for encrypting data. You should use the enc command instead. Additionally, encryption and decryption using RSA is slow, and for that reason it should not be used on its own. Instead, it is commonly used to encrypt a key for a symmetric cipher.
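The following script is an added example, not code from the book, showing the three commands working together the way the text recommends: genrsa and rsa produce the key pair, enc carries the bulk data under a random session key, rsautl wraps only that session key and signs only a digest. It assumes the openssl binary is installed (enc's -pbkdf2 option needs OpenSSL 1.1.1 or later); the 2,048-bit key size follows the text, while AES-256-CBC, SHA-256 and the file names under $WORK are choices made here.

```shell
#!/bin/sh
# Added example (not from the book): hybrid encryption and hash-then-sign
# with genrsa, rsa, enc and rsautl. All paths under $WORK are constructed.
set -e
WORK=$(mktemp -d)

# genrsa makes the private key; rsa -pubout derives the public half from it.
make_keys() {
  openssl genrsa -out "$WORK/priv.pem" 2048 2>/dev/null
  openssl rsa -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
}

# Encrypt $1 into $2.enc: the bulk data goes through enc under a random
# session key; only that short key is wrapped with rsautl into $2.key.rsa.
encrypt_file() {
  openssl rand -hex 32 > "$2.key"
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$2.key" -in "$1" -out "$2.enc"
  openssl rsautl -encrypt -pubin -inkey "$WORK/pub.pem" \
      -in "$2.key" -out "$2.key.rsa" 2>/dev/null
  rm -f "$2.key"   # only the RSA-wrapped copy of the session key is kept
}

# Reverse of encrypt_file: unwrap the session key, then decrypt $1.enc into $2.
decrypt_file() {
  openssl rsautl -decrypt -inkey "$WORK/priv.pem" \
      -in "$1.key.rsa" -out "$1.key" 2>/dev/null
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1.key" -in "$1.enc" -out "$2"
  rm -f "$1.key"
}

# Sign $1 into $2: rsautl signs the 32-byte SHA-256 digest, never the file.
sign_file() {
  openssl dgst -sha256 -binary -out "$2.hash" "$1"
  openssl rsautl -sign -inkey "$WORK/priv.pem" -in "$2.hash" -out "$2" 2>/dev/null
}

# Verify: rsautl -verify only recovers the signed bytes, so the caller must
# recompute the digest and compare (rsautl adds no DigestInfo, unlike dgst -sign).
verify_file() {
  openssl rsautl -verify -pubin -inkey "$WORK/pub.pem" \
      -in "$2" -out "$2.recovered" 2>/dev/null || return 1
  openssl dgst -sha256 -binary -out "$2.fresh" "$1"
  cmp -s "$2.fresh" "$2.recovered"
}

# Round trip on a constructed message.
printf 'constructed sample message\n' > "$WORK/msg"
make_keys
encrypt_file "$WORK/msg" "$WORK/c" && decrypt_file "$WORK/c" "$WORK/msg.dec"
sign_file "$WORK/msg" "$WORK/msg.sig" && verify_file "$WORK/msg" "$WORK/msg.sig"
cmp -s "$WORK/msg" "$WORK/msg.dec" && echo "round trip ok"
```

OpenSSL 3.x still ships rsautl but marks it deprecated in favour of pkeyutl, which is why its stderr is silenced above.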